Setembro 23, 2019

How is Knox Platform for Enterprise enhancing Android security?

Jim Haviland

The great news about digital transformation is that workers are now operating and conducting daily workflows from the palms of their hands. That also means they’re using their mobile devices for personal and business uses alike — which makes their data all the more susceptible to security breaches.

Your business is likely to rely on mobile for more use cases every month, quarter and year for the foreseeable future. If you have any chance of keeping all those devices secure while effectively doing the things you want them to do, you will need to employ automation and integration to configure, support and decommission them.

The greatest friction against digital transformation has been a combination of security and management concerns and the lack of suitable platforms that address them head-on. Knox Platform for Enterprise addresses these and dozens of other enterprise needs, and is doing so for many organizations already.  

If you have a mobile program that has any sort of special needs or design goals that you have compromised to work with the other platforms, it’s time to consider Knox Platform for Enterprise.

 

What is Knox Platform for Enterprise?  

Knox Platform for Enterprise (KPE) is the most comprehensive set of device technologies for securing and managing Samsung devices running Android and Tizen. Android Enterprise has adopted some of the original Knox features to make all Android devices more manageable and secure, but KPE provides significant enhancements, particularly around the integrity of the hardware, operating system and data security — features critical to risk-averse, security-minded and regulated industries like         healthcarefinancial services and government. The Knox platform is built into Samsung’s mobile devices, including smartphones, tablets and wearables.     

KPE includes additional features and controls that span a range of common enterprise wishlist items throughout the device lifecycle, extending standard Android and Android Enterprise. These features are aimed at enabling enterprise security and management practices that remove the need for IT and the business to compromise their goals to the limitations of less professionally oriented technologies.  

  • Comprehensive device management:  KPE includes application programming interfaces (APIs) that provide fine controls of all apps and settings, containerized workspaces and remote management at every step in the lifecycle        
  • Granular security controls: APIs also allow responsive security management and security postures that keep data safe, even as the device changes context       
  • Granular application controls: the most complete management control set available over the apps and settings     
  • Hardware-backed trusted environment: hardware-based protections against tampering with the kernel or certificate stores that render the device useless if tampering is detected     
  • Sensitive data protections and containerization: multiple levels of encryption and detection to protect data at rest, allowing mobile devices to be used with sensitive data  
  • Robust VPN and firewall options: on-board VPN, per app VPN and multiple third-party options that bring mobile devices into a security posture almost as hardened as the devices inside your facilities
  • Credential and certificate management: the most versatile credential and certificate management features available on a mobile device  

Each specialized use case or regulated industry use case will find one or more of the KPE features to be indispensable for supporting their digital transformation.  

 

Mobile device differentiator

KPE is built on top of Android, and is compatible with and dramatically extends Android Enterprise. A wide range of devices and form factors from Samsung integrate its security features, because those same devices are fully compatible with less enterprise-focused environments that gear towards consumer usage.

Android  

With over 24,000 device options and the overwhelming bulk of the world’s market share for smartphones, Android is the largest computing platform of all time. With each version of Android, additional layers of security have been added to the operating system and to the specifications for manufacturers. This adds security features and controls making the Android ecosystem less vulnerable. The Google Play store has added additional scanning and oversight to provide a reliable source of applications.     

Android Enterprise     

Since Android 5.0 (Lollipop), additional APIs, features and specifications have been added to Android that provide some of the original Knox attributes — offering control over encryption, connectivity configurations and over-the-air enterprise mobility management (EMM) enrollment, referred to as Android Enterprise. All the major EMM, mobile device management (MDM) and unified endpoint management (UEM) platforms support Android Enterprise. With an MDM/EMM/UEM, organizations have access to a range of enrollment and configuration options, split use, BYOD and kiosk modes. Many original equipment manufacturers now offer at least part of their device fleets that meet the minimum requirements to be certified as “enterprise recommended.” Providing a consistent EMM/UEM control set that includes many of the most necessary security controls has given enterprises all over the world the confidence to adopt Android devices, and has inspired loyalty and excitement from many IT admins.     

Knox Platform for Enterprise     

For a detailed comparison of the security and management features of Android Enterprise and KPE, including methods of configuration, refer to this chart.

 

Who benefits from KPE?  

The majority of organizations that are implementing KPE engage in the most regulated or security-focused endeavors. Government, public safety and military use cases are embracing the nearly impenetrable layered security that comes from Samsung’s implementation of hardware-backed encryption, kernel protection and certificate enrollment protocols. KPE is certified for use with the most sensitive government and military information across all the major North American and European countries and many others.  

The breathtaking pace of innovation in cyber threats, however, is making some of these features valuable to any organization with sensitive information. Social engineering attacks may be the greatest threats to your business — phishing attacks against mobile users have grown 85 percent every year for nearly a decade.

While many of these security and control features were developed for government agencies and military specifications, some of the biggest winners are highly regulated businesses, local governments and law enforcement agencies. With the range of Samsung devices enabled for KPE, regulation compliance and defense-grade security are available at nominal price points, and in form factors that make it easy to provide mobile enablement across an organization. Simple, fast and secure deployment options make management of a Knox-based mobile environment easier and more reliable than any other endpoint solution.

Whether your organization is highly regulated, has specific needs for control or oversight or you’re just looking to stay well ahead of a fast-changing cyber threat environment, KPE provides the security, control and versatility you need to move with speed and confidence through digital transformation.  

Find out more about how Knox Platform for Enterprise differentiates from Android Enterprise in our free white paper.